mirror of
https://github.com/caddyserver/caddy.git
synced 2025-01-13 22:36:27 +03:00
caddyhttp: Address some Go 1.20 features (#6252)
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
This commit is contained in:
parent
d404005339
commit
6d97d8d87b
8 changed files with 125 additions and 16 deletions
33
cmd/x509rootsfallback.go
Normal file
33
cmd/x509rootsfallback.go
Normal file
|
@ -0,0 +1,33 @@
|
||||||
|
// Copyright 2015 Matthew Holt and The Caddy Authors
|
||||||
|
//
|
||||||
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
// you may not use this file except in compliance with the License.
|
||||||
|
// You may obtain a copy of the License at
|
||||||
|
//
|
||||||
|
// http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
//
|
||||||
|
// Unless required by applicable law or agreed to in writing, software
|
||||||
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
// See the License for the specific language governing permissions and
|
||||||
|
// limitations under the License.
|
||||||
|
|
||||||
|
package caddycmd
|
||||||
|
|
||||||
|
import (
|
||||||
|
// For running in minimal environments, this can ease
|
||||||
|
// headaches related to establishing TLS connections.
|
||||||
|
// "Package fallback embeds a set of fallback X.509 trusted
|
||||||
|
// roots in the application by automatically invoking
|
||||||
|
// x509.SetFallbackRoots. This allows the application to
|
||||||
|
// work correctly even if the operating system does not
|
||||||
|
// provide a verifier or system roots pool. ... It's
|
||||||
|
// recommended that only binaries, and not libraries,
|
||||||
|
// import this package. This package must be kept up to
|
||||||
|
// date for security and compatibility reasons."
|
||||||
|
//
|
||||||
|
// This is in its own file only because of conflicts
|
||||||
|
// between gci and goimports when in main.go.
|
||||||
|
// See https://github.com/daixiang0/gci/issues/76
|
||||||
|
_ "golang.org/x/crypto/x509roots/fallback"
|
||||||
|
)
|
1
go.mod
1
go.mod
|
@ -36,6 +36,7 @@ require (
|
||||||
go.uber.org/zap v1.27.0
|
go.uber.org/zap v1.27.0
|
||||||
go.uber.org/zap/exp v0.2.0
|
go.uber.org/zap/exp v0.2.0
|
||||||
golang.org/x/crypto v0.22.0
|
golang.org/x/crypto v0.22.0
|
||||||
|
golang.org/x/crypto/x509roots/fallback v0.0.0-20240416174822-0da2a6a1bbc8
|
||||||
golang.org/x/net v0.24.0
|
golang.org/x/net v0.24.0
|
||||||
golang.org/x/sync v0.7.0
|
golang.org/x/sync v0.7.0
|
||||||
golang.org/x/term v0.19.0
|
golang.org/x/term v0.19.0
|
||||||
|
|
2
go.sum
2
go.sum
|
@ -507,6 +507,8 @@ golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4
|
||||||
golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
|
golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
|
||||||
golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30=
|
golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30=
|
||||||
golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M=
|
golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M=
|
||||||
|
golang.org/x/crypto/x509roots/fallback v0.0.0-20240416174822-0da2a6a1bbc8 h1:WsZ1vq1wEPrhLWtbblOEshIKDAbG0sYGgbYCFInT0QM=
|
||||||
|
golang.org/x/crypto/x509roots/fallback v0.0.0-20240416174822-0da2a6a1bbc8/go.mod h1:kNa9WdvYnzFwC79zRpLRMJbdEFlhyM5RPFBBZp/wWH8=
|
||||||
golang.org/x/exp v0.0.0-20240325151524-a685a6edb6d8 h1:aAcj0Da7eBAtrTp03QXWvm88pSyOt+UgdZw2BFZ+lEw=
|
golang.org/x/exp v0.0.0-20240325151524-a685a6edb6d8 h1:aAcj0Da7eBAtrTp03QXWvm88pSyOt+UgdZw2BFZ+lEw=
|
||||||
golang.org/x/exp v0.0.0-20240325151524-a685a6edb6d8/go.mod h1:CQ1k9gNrJ50XIzaKCRR2hssIjF07kZFEiieALBM/ARQ=
|
golang.org/x/exp v0.0.0-20240325151524-a685a6edb6d8/go.mod h1:CQ1k9gNrJ50XIzaKCRR2hssIjF07kZFEiieALBM/ARQ=
|
||||||
golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
|
golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
|
||||||
|
|
|
@ -226,13 +226,22 @@ func StatusCodeMatches(actual, configured int) bool {
|
||||||
// in the implementation of http.Dir. The root is assumed to
|
// in the implementation of http.Dir. The root is assumed to
|
||||||
// be a trusted path, but reqPath is not; and the output will
|
// be a trusted path, but reqPath is not; and the output will
|
||||||
// never be outside of root. The resulting path can be used
|
// never be outside of root. The resulting path can be used
|
||||||
// with the local file system.
|
// with the local file system. If root is empty, the current
|
||||||
|
// directory is assumed. If the cleaned request path is deemed
|
||||||
|
// not local according to lexical processing (i.e. ignoring links),
|
||||||
|
// it will be rejected as unsafe and only the root will be returned.
|
||||||
func SanitizedPathJoin(root, reqPath string) string {
|
func SanitizedPathJoin(root, reqPath string) string {
|
||||||
if root == "" {
|
if root == "" {
|
||||||
root = "."
|
root = "."
|
||||||
}
|
}
|
||||||
|
|
||||||
path := filepath.Join(root, path.Clean("/"+reqPath))
|
relPath := path.Clean("/" + reqPath)[1:] // clean path and trim the leading /
|
||||||
|
if !filepath.IsLocal(relPath) {
|
||||||
|
// path is unsafe (see https://github.com/golang/go/issues/56336#issuecomment-1416214885)
|
||||||
|
return root
|
||||||
|
}
|
||||||
|
|
||||||
|
path := filepath.Join(root, filepath.FromSlash(relPath))
|
||||||
|
|
||||||
// filepath.Join also cleans the path, and cleaning strips
|
// filepath.Join also cleans the path, and cleaning strips
|
||||||
// the trailing slash, so we need to re-add it afterwards.
|
// the trailing slash, so we need to re-add it afterwards.
|
||||||
|
|
|
@ -3,6 +3,7 @@ package caddyhttp
|
||||||
import (
|
import (
|
||||||
"net/url"
|
"net/url"
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
|
"runtime"
|
||||||
"testing"
|
"testing"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -12,9 +13,10 @@ func TestSanitizedPathJoin(t *testing.T) {
|
||||||
// %2f = /
|
// %2f = /
|
||||||
// %5c = \
|
// %5c = \
|
||||||
for i, tc := range []struct {
|
for i, tc := range []struct {
|
||||||
inputRoot string
|
inputRoot string
|
||||||
inputPath string
|
inputPath string
|
||||||
expect string
|
expect string
|
||||||
|
expectWindows string
|
||||||
}{
|
}{
|
||||||
{
|
{
|
||||||
inputPath: "",
|
inputPath: "",
|
||||||
|
@ -63,7 +65,7 @@ func TestSanitizedPathJoin(t *testing.T) {
|
||||||
{
|
{
|
||||||
inputRoot: "/a/b",
|
inputRoot: "/a/b",
|
||||||
inputPath: "/%2e%2e%2f%2e%2e%2f",
|
inputPath: "/%2e%2e%2f%2e%2e%2f",
|
||||||
expect: filepath.Join("/", "a", "b") + separator,
|
expect: "/a/b", // inputPath fails the IsLocal test so only the root is returned
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
inputRoot: "/a/b",
|
inputRoot: "/a/b",
|
||||||
|
@ -81,9 +83,16 @@ func TestSanitizedPathJoin(t *testing.T) {
|
||||||
expect: filepath.Join("C:\\www", "foo", "bar"),
|
expect: filepath.Join("C:\\www", "foo", "bar"),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
inputRoot: "C:\\www",
|
inputRoot: "C:\\www",
|
||||||
inputPath: "/D:\\foo\\bar",
|
inputPath: "/D:\\foo\\bar",
|
||||||
expect: filepath.Join("C:\\www", "D:\\foo\\bar"),
|
expect: filepath.Join("C:\\www", "D:\\foo\\bar"),
|
||||||
|
expectWindows: filepath.Join("C:\\www"), // inputPath fails IsLocal on Windows
|
||||||
|
},
|
||||||
|
{
|
||||||
|
// https://github.com/golang/go/issues/56336#issuecomment-1416214885
|
||||||
|
inputRoot: "root",
|
||||||
|
inputPath: "/a/b/../../c",
|
||||||
|
expect: filepath.Join("root", "c"),
|
||||||
},
|
},
|
||||||
} {
|
} {
|
||||||
// we don't *need* to use an actual parsed URL, but it
|
// we don't *need* to use an actual parsed URL, but it
|
||||||
|
@ -96,6 +105,9 @@ func TestSanitizedPathJoin(t *testing.T) {
|
||||||
t.Fatalf("Test %d: invalid URL: %v", i, err)
|
t.Fatalf("Test %d: invalid URL: %v", i, err)
|
||||||
}
|
}
|
||||||
actual := SanitizedPathJoin(tc.inputRoot, u.Path)
|
actual := SanitizedPathJoin(tc.inputRoot, u.Path)
|
||||||
|
if runtime.GOOS == "windows" && tc.expectWindows != "" {
|
||||||
|
tc.expect = tc.expectWindows
|
||||||
|
}
|
||||||
if actual != tc.expect {
|
if actual != tc.expect {
|
||||||
t.Errorf("Test %d: SanitizedPathJoin('%s', '%s') => '%s' (expected '%s')",
|
t.Errorf("Test %d: SanitizedPathJoin('%s', '%s') => '%s' (expected '%s')",
|
||||||
i, tc.inputRoot, tc.inputPath, actual, tc.expect)
|
i, tc.inputRoot, tc.inputPath, actual, tc.expect)
|
||||||
|
|
|
@ -15,6 +15,8 @@
|
||||||
package requestbody
|
package requestbody
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"time"
|
||||||
|
|
||||||
"github.com/dustin/go-humanize"
|
"github.com/dustin/go-humanize"
|
||||||
|
|
||||||
"github.com/caddyserver/caddy/v2/caddyconfig/httpcaddyfile"
|
"github.com/caddyserver/caddy/v2/caddyconfig/httpcaddyfile"
|
||||||
|
@ -44,8 +46,30 @@ func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error)
|
||||||
}
|
}
|
||||||
rb.MaxSize = int64(size)
|
rb.MaxSize = int64(size)
|
||||||
|
|
||||||
|
case "read_timeout":
|
||||||
|
var timeoutStr string
|
||||||
|
if !h.AllArgs(&timeoutStr) {
|
||||||
|
return nil, h.ArgErr()
|
||||||
|
}
|
||||||
|
timeout, err := time.ParseDuration(timeoutStr)
|
||||||
|
if err != nil {
|
||||||
|
return nil, h.Errf("parsing read_timeout: %v", err)
|
||||||
|
}
|
||||||
|
rb.ReadTimeout = timeout
|
||||||
|
|
||||||
|
case "write_timeout":
|
||||||
|
var timeoutStr string
|
||||||
|
if !h.AllArgs(&timeoutStr) {
|
||||||
|
return nil, h.ArgErr()
|
||||||
|
}
|
||||||
|
timeout, err := time.ParseDuration(timeoutStr)
|
||||||
|
if err != nil {
|
||||||
|
return nil, h.Errf("parsing write_timeout: %v", err)
|
||||||
|
}
|
||||||
|
rb.WriteTimeout = timeout
|
||||||
|
|
||||||
default:
|
default:
|
||||||
return nil, h.Errf("unrecognized servers option '%s'", h.Val())
|
return nil, h.Errf("unrecognized request_body subdirective '%s'", h.Val())
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -17,6 +17,9 @@ package requestbody
|
||||||
import (
|
import (
|
||||||
"io"
|
"io"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"go.uber.org/zap"
|
||||||
|
|
||||||
"github.com/caddyserver/caddy/v2"
|
"github.com/caddyserver/caddy/v2"
|
||||||
"github.com/caddyserver/caddy/v2/modules/caddyhttp"
|
"github.com/caddyserver/caddy/v2/modules/caddyhttp"
|
||||||
|
@ -31,6 +34,14 @@ type RequestBody struct {
|
||||||
// The maximum number of bytes to allow reading from the body by a later handler.
|
// The maximum number of bytes to allow reading from the body by a later handler.
|
||||||
// If more bytes are read, an error with HTTP status 413 is returned.
|
// If more bytes are read, an error with HTTP status 413 is returned.
|
||||||
MaxSize int64 `json:"max_size,omitempty"`
|
MaxSize int64 `json:"max_size,omitempty"`
|
||||||
|
|
||||||
|
// EXPERIMENTAL. Subject to change/removal.
|
||||||
|
ReadTimeout time.Duration `json:"read_timeout,omitempty"`
|
||||||
|
|
||||||
|
// EXPERIMENTAL. Subject to change/removal.
|
||||||
|
WriteTimeout time.Duration `json:"write_timeout,omitempty"`
|
||||||
|
|
||||||
|
logger *zap.Logger
|
||||||
}
|
}
|
||||||
|
|
||||||
// CaddyModule returns the Caddy module information.
|
// CaddyModule returns the Caddy module information.
|
||||||
|
@ -41,6 +52,11 @@ func (RequestBody) CaddyModule() caddy.ModuleInfo {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (rb *RequestBody) Provision(ctx caddy.Context) error {
|
||||||
|
rb.logger = ctx.Logger()
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
func (rb RequestBody) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyhttp.Handler) error {
|
func (rb RequestBody) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyhttp.Handler) error {
|
||||||
if r.Body == nil {
|
if r.Body == nil {
|
||||||
return next.ServeHTTP(w, r)
|
return next.ServeHTTP(w, r)
|
||||||
|
@ -48,6 +64,20 @@ func (rb RequestBody) ServeHTTP(w http.ResponseWriter, r *http.Request, next cad
|
||||||
if rb.MaxSize > 0 {
|
if rb.MaxSize > 0 {
|
||||||
r.Body = errorWrapper{http.MaxBytesReader(w, r.Body, rb.MaxSize)}
|
r.Body = errorWrapper{http.MaxBytesReader(w, r.Body, rb.MaxSize)}
|
||||||
}
|
}
|
||||||
|
if rb.ReadTimeout > 0 || rb.WriteTimeout > 0 {
|
||||||
|
//nolint:bodyclose
|
||||||
|
rc := http.NewResponseController(w)
|
||||||
|
if rb.ReadTimeout > 0 {
|
||||||
|
if err := rc.SetReadDeadline(time.Now().Add(rb.ReadTimeout)); err != nil {
|
||||||
|
rb.logger.Error("could not set read deadline", zap.Error(err))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if rb.WriteTimeout > 0 {
|
||||||
|
if err := rc.SetWriteDeadline(time.Now().Add(rb.WriteTimeout)); err != nil {
|
||||||
|
rb.logger.Error("could not set write deadline", zap.Error(err))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
return next.ServeHTTP(w, r)
|
return next.ServeHTTP(w, r)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -2,7 +2,6 @@ package caddyhttp
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"bytes"
|
"bytes"
|
||||||
"fmt"
|
|
||||||
"io"
|
"io"
|
||||||
"net/http"
|
"net/http"
|
||||||
"strings"
|
"strings"
|
||||||
|
@ -75,20 +74,19 @@ func TestResponseWriterWrapperReadFrom(t *testing.T) {
|
||||||
// take precedence over our ReadFrom.
|
// take precedence over our ReadFrom.
|
||||||
src := struct{ io.Reader }{strings.NewReader(srcData)}
|
src := struct{ io.Reader }{strings.NewReader(srcData)}
|
||||||
|
|
||||||
fmt.Println(name)
|
|
||||||
if _, err := io.Copy(wrapped, src); err != nil {
|
if _, err := io.Copy(wrapped, src); err != nil {
|
||||||
t.Errorf("Copy() err = %v", err)
|
t.Errorf("%s: Copy() err = %v", name, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
if got := tt.responseWriter.Written(); got != srcData {
|
if got := tt.responseWriter.Written(); got != srcData {
|
||||||
t.Errorf("data = %q, want %q", got, srcData)
|
t.Errorf("%s: data = %q, want %q", name, got, srcData)
|
||||||
}
|
}
|
||||||
|
|
||||||
if tt.responseWriter.CalledReadFrom() != tt.wantReadFrom {
|
if tt.responseWriter.CalledReadFrom() != tt.wantReadFrom {
|
||||||
if tt.wantReadFrom {
|
if tt.wantReadFrom {
|
||||||
t.Errorf("ReadFrom() should have been called")
|
t.Errorf("%s: ReadFrom() should have been called", name)
|
||||||
} else {
|
} else {
|
||||||
t.Errorf("ReadFrom() should not have been called")
|
t.Errorf("%s: ReadFrom() should not have been called", name)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
|
Loading…
Reference in a new issue